Hackers use typosquatting to dupe the unwary with fake news, sites

SAN FRANCISCO – The proliferation of fake news has shone a light on another murky corner the web, the practice of typosquatting.

Author:
WUSA Staff

Published:
5:12 PM EST December 1, 2016

SAN FRANCISCO – The proliferation of fake news has shone a light on another murky corner the web, the practice of typosquatting.

These are the URLs that pass for common ones — say Amazoon.com instead of Amazon.com — if the user isn't paying close attention to the Web address.

Always eager to capitalize on human inattention, cyber criminals have embraced this method of registering a commonly misspelled Web address to use as a base for the distribution of malware or to steal information from unsuspecting users.

“They create a site that looks essentially like the real one, at least on the surface. It’s fairly straightforward to do and then you’re simply relying on human nature to not notice,” said Steve Grobman, chief technology officer at Intel Security.

Sometimes called URL hijacking, multiple media sites have been hit with the ploy, including usatoday.com (usatodaycom.com) and abcnews.com ( abcnews.com.co.)

The technique can make made-up stories seem more legitimate and give them a brief but powerful ride in legitimate news sites until they're debunked. Such articles played a role in this year's presidential election, though how much they influenced the outcome is unknown.

On Nov. 17, a fake story claimed to report on someone paid $3,500 to protest at rallies for then-presidential candidate against Donald Trump. The story was credited to the Associated Press, though it was not from that legitimate news outlet, and appeared on the fake news site abcnews.com.co.

The story was in fact created by Paul Horner, who earns his living writing fake stories and who told the Washington Post he made $10,000 each month selling ads on his fake news sites.

In May, the same faked ABC site published a “story” that Michael Jordan was threatening to move his NBA team from Charlotte, N.C. unless the state repealed a recently-passed law that kept transgender people from using the bathroom of their current, as opposed to original, gender.

The fake story was picked up by multiple outlets before it was finally unmasked as a hoax.

Two years ago, a Change.org petition was created in response to a made-up article from the satirical National Report, which was later picked up by a faked nbc.com.co site. The article claimed that Arizona had passed a “self-rape” law under which a 15-year-old boy was sentenced to prison after his mother found him masturbating.

These websites are created to make money in two different ways, said Akino Chikada, senior brand protection manager with MarkMonitor, a San Francisco-based company.

Fraudsters use counterfeit sites as phishing farms, trying to entice those who visit them to fill out personal information that can be used to steal credentials and other potentially saleable information.

“If you accidentally mistype a particular brand name, it could lead you to a survey. You think it’s for a brand you love, but it’s actually a thief trying to steal information about you,” said Chikada.

Companies can’t always protect themselves against this type of fraud because they can’t register every conceivable variant on their names. “It’s too expensive and inefficient. Though they do tend to register the most common typos. Then they just have to monitor,” said Chikada.

Another common ploy is for criminals to place banners or ads that link to slightly off URLs.

“You go to your site and at the bottom, you see what looks like an Amazon ad that says there's a Macbook Pro for $299. But when you click on it, it doesn’t really go to Amazon, maybe it goes to amazoon.com. But how carefully are you going to study the URL you’re clicking?” Grobman said.

Fake news sites especially take advantage of the urgency they try to create in their readers.

“They’re using the sensationalized aspect of it to make you click much quicker than if you were going through the process rationally," he said. A sensational headline, especially if it reinforces or denounces a strongly-held belief, might cause a reader to be less cautious.

Many security software programs are fairly effective against blocking such typo-ridden URLs if they go to a known malware-infected site, but some can slip through, he said.

But as with most things online, the key is awareness and taking an extra moment to stay safe. That includes glancing at a URL before accepting it as valid or perhaps opening a new browser window and actually typing in a desired destination, rather than simply clicking on a link on a site that seems dubious.